|
312161
|
6.5 |
MEDIUM
Network
|
ptc
|
thingworx
|
An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-40395
|
2024-08-30 23:35 |
2024-08-28 |
|
312162
|
- |
|
-
|
-
|
A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet…
|
CWE-94
Code Injection
|
CVE-2024-5651
|
2024-08-30 23:15 |
2024-08-12 |
|
312163
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commi…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2024-3114
|
2024-08-30 23:15 |
2024-08-8 |
|
312164
|
9.8 |
CRITICAL
Network
|
fortra
|
filecatalyst_workflow
|
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confi…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-6633
|
2024-08-30 23:11 |
2024-08-28 |
|
312165
|
7.2 |
HIGH
Network
|
fortra
|
filecatalyst_workflow
|
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, an…
|
CWE-89
SQL Injection
|
CVE-2024-6632
|
2024-08-30 23:07 |
2024-08-28 |
|
312166
|
9.8 |
CRITICAL
Network
|
brainlowcode
|
brain_low-code
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows S…
|
CWE-89
SQL Injection
|
CVE-2024-7071
|
2024-08-30 22:56 |
2024-08-27 |
|
312167
|
7.5 |
HIGH
Network
|
flowiseai
|
flowise
|
An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supp…
|
NVD-CWE-noinfo
|
CVE-2024-8182
|
2024-08-30 22:53 |
2024-08-27 |
|
312168
|
6.7 |
MEDIUM
Local
|
mongodb
|
mongodb
|
In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cau…
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2024-8207
|
2024-08-30 22:07 |
2024-08-27 |
|
312169
|
- |
|
-
|
-
|
An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected.
This is possible because the TAMPERRSTCAUSE register may not be…
|
-
|
CVE-2024-2502
|
2024-08-30 22:00 |
2024-08-30 |
|
312170
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. This affects an unknown part of the file /ajax/getBasicInfo.php. The manipulatio…
|
-
|
CVE-2024-8303
|
2024-08-30 22:00 |
2024-08-30 |
|